Authentication with another server oauth2

[shahryarjb]

Hi, I have a problem that I have searched in this place and Stack Overflow, but I could not be able to fix it.
I have an API which is located in another host and server, and it is not a NextJS API. When I send a request to the server, I receive a JSON like this:

{
    "action": "login",
    "auth": {
        "access_expires_in": 1662550018,
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJtaXNoa2FfdXNlciIsImV4cCI6MTY2MjU1MDAxOCwiaWF0IjoxNjYyNTQ2NDE4LCJpc3MiOiJtaXNoa2FfdXNlciIsImp0aSI6IjA0MDRmMzkzLWEwY2ItNDMzMC04MGZjLTdmM2MyMTQ3YmI0NCIsIm5iZiI6MTY2MjU0NjQxNywic29tZSI6ImNsYWltIiwic3ViIjoiYjMyYmVmM2UtOTJkMC00NjRkLWE0ZTUtZDk3Y2JkMGNlOTVjIiwidG9rZW5faWQiOiJjMmQxZjkzZC0yOTdjLTQ2OTYtYjJhMS01OWY2ZDViY2ZiNzciLCJ0eXAiOiJhY2Nlc3MifQ.fpEgWMobUSlPO432gxAjq8sZaRa_5-Ev_o2pdD9YPX8",
        "refresh_expires_in": 1663670418,
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJtaXNoa2FfdXNlciIsImV4cCI6MTY2MzY3MDQxOCwiaWF0IjoxNjYyNTQ2NDE4LCJpc3MiOiJtaXNoa2FfdXNlciIsImp0aSI6IjNkYmJmMjQ2LTg0OTctNDYzZS1hODU2LTg3MWM3MDFhYjY4NiIsIm5iZiI6MTY2MjU0NjQxNywic29tZSI6ImNsYWltIiwic3ViIjoiYjMyYmVmM2UtOTJkMC00NjRkLWE0ZTUtZDk3Y2JkMGNlOTVjIiwidG9rZW5faWQiOiI4ZTlkN2VmMS0wMDY2LTRhM2QtYTUzOC0yMTUwMzgwNGY1ZjciLCJ0eXAiOiJyZWZyZXNoIn0.nZ-Lzi8BPQPib2sVWlBfiDht_XRoKGxv1dSDMmvgV9M",
    },
    "message": "You entered.",
    "system": "user",
    "user_info": {
        "email": "[email protected]",
        "full_name": "testname",
        "id": "b32bef3e-92d0-464d-a4e5-d97cbd0ce95c",
        "status": "registered",
        "username": "testuser"
    }
}

So I need to store the {access_token, access_expires_in, refresh_expires_in, refresh_token}.

1. access_token token expires every hour
2. refresh_token token expires every 14 days

In my page, my user sends a form like this:

const buttonClickHandler = async (event) => {
  // get tokes and tokens information from server and path to auth var
  let auth = TOKENS_FROM_THE_SERVER
  await signIn('credentials', {
    redirect: true,
    email: userInfo.email,
    name: userInfo.name,
    token: auth
  });
};

And the API part in NextJs

export default NextAuth({
  session: {
    jwt: true,
  },
  providers: [
    CredentialsProvider({
      name: 'Credentials',
      async authorize(credentials, req) {
        console.log(credentials);
        const user = {
          name: credentials.user,
          email: credentials.email,
          token: credentials.token,
        };

        return user;
      },
    }),
  ],

I know the token, it is not stored in session but I need to catch it in my callback to store in session, something like this:

callbacks: {
    async jwt({ user, token }) {
      token.access_token = user.token.access_token;
      token.refresh_token = user.token.refresh_token;
      token.refresh_expires_in = user.token.refresh_expires_in;
      token.access_expires_in = user.token.access_expires_in;

      return token;
    },
    async session({ session, token, user }) {
      session.access_token = token.access_token;
      session.refresh_token = token.refresh_token;
      session.refresh_expires_in = token.refresh_expires_in;
      session.access_expires_in = token.access_expires_in;
      return session;
    },
  },
});

---

---

The first problem I have is I get an error like this: Cannot read properties of undefined (reading 'token'), for example the part I do token.access_token = user.token.access_token;, it can not read user.token

When I console.log(user) I get

[Object: null prototype] {
  redirect: 'true',
  email: '[email protected]',
  name: 'a name',
  token: '[object Object]',
  csrfToken: '44cfa18dfd2538724eef6913e64d587ac988bf3badde861e519b1a2e0bb2e6c0',
  callbackUrl: 'http://localhost:3000/',
  json: 'true'
}
{
  name: undefined,
  email: '[email protected]',
  picture: undefined,
  sub: undefined
}

It loads 2 time and the second time token is not there and my code is broken.

If I change the JWT call back to this, It works:

token.access_token = "test";
token.refresh_token =  "test";
token.refresh_expires_in =  "test";
token.access_expires_in =  "test";
return token;

The second problem is, The next-auth has own expires time, but I need it works 14 days and keep the refresh token and let user get new access with refresh token help

Please help me how can get token and set it and if you have suggestion for me let me know what I should do

Thank you in advance, and Thank you again for all your efforts